Topic on Project:Support desk

Error 403 when there is a "@" character is present

2 comments 02:19, 25 April 2024 9 days ago
2
Summary by Nathanielmorais

I solved it configuring apache2 mod security.

Nathanielmorais (talkcontribs)

I am facing this issue in a new instalation. When i edit any page and ther is the @ character, the page shows a 403 error.

Example: root@debian:~

If i put a space before @ it works, like root @debian:~


Any secret i don't know?

22:23, 24 April 2024 9 days ago
Nathanielmorais (talkcontribs)

Making more specific: when my page have root@debian it shows a 403 error. When i change to mark@debian, nathaniel@debian, anything@debian, it works fine.

What's about root@debian? Why it gives me a 403 error?

From web server error.log:

Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 189.50.82.144] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\\\\\b(?:coalesce\\\\\\\\b|root\\\\\\\\@))" at ARGS:text. [file "/etc/apache/modsecurity.d/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "140"] [id "950908"] [rev "2"] [msg "SQL Injection Attack."]

02:08, 25 April 2024 9 days ago
Retrieved from "https://www.mediawiki.org/wiki/Topic:Y3jdb8itch8zr8gk"